Postfix - MX Records and Receiving Emails
From that solid base, we can send mail and we know it all works according to plan. Now we can move onto receiving emails. To do that, we need to create the correct MX records and open port 25 in our iptables firewall.
Remember that at this stage we are dealing with a single domain. In the example articles I am using the domain 'democloud.com'. You would, of course, replace that with your main domain.
Although there are existing articles on creating MX records (see here), let's have a quick run through of what we need.
Keeping with traditional naming conventions we need a subdomain named 'mail' (thus giving mail.democloud.com). and the MX record for democloud.com pointing to that subdomain.
Please refer to the article below for details of how to add the records to the DNS panel in the Control Panel.
It is possible to have multiple MX records and have multiple mail servers for your mail. The way a request works out which one to use is based on this figure: The lower the number the higher the priority.
I entered '10' as I don't know what the future will hold. I may set up a 'super' mail server and want to give that one a higher MX priority, As such, when I created records for the 'super' mail server I would enter '0'.
A little 'future proofing' never does any harm.
Verify with dig
Once the records have been created they can be checked using the 'dig' command.
The moment the records have been created, you can check them on the nameserver itself. This saves waiting for the records to propagate only to find you made a mistake.
So, to check the 'mail' subdomain is correctly entered on the Cloud Servers nameserver:
dig mail.democloud.com @dns1.stabletransit.com
The section we are looking for is:
;; ANSWER SECTION: mail.democloud.com. 86400 IN A 184.108.40.206
Now we can check the MX record for the democloud.com domain:
dig democloud.com mx @dns1.stabletransit.com
;; ANSWER SECTION: democloud.com. 86400 IN MX 10 mail.democloud.com.
Again, that is correct.
When we set up the Cloud Server we created a simple firewall using an iptables script (please see the Cloud Server setup article for details).
The common port for receiving mail is port 25 and base setup didn't have that port open.
If you tried to send mail to the domain you would get an undeliverable notification.
Using the same files from the Cloud Server setup article, let's open the iptables test file:
sudo nano /etc/iptables.test.rules
To open port 25, we need to add the following just after the 'Allows all outbound traffic' entry:
# Allows postfix to accept incoming connections -A INPUT -p tcp --dport 25 -j ACCEPT
Note the line starting with the '#' is not compulsory but I find commenting a file makes for much easier administration at a later date when you have no idea what you entered.
Once done and saved, we need to make the new rule set active:
sudo iptables-restore < /etc/iptables.test.rules
The port will now be open but it's always good practice to check something so important:
sudo iptables -L
Amongst the output is the new line:
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
So now we can accept smtp connections - it is named smtp as the default port (25) has been opened.
To save the final configuration to the script that is executed on a reboot, you need to be root rather than just use sudo:
The command is:
iptables-save > /etc/iptables.up.rules
Once done, exit root:
We now have the correct port open in our iptables firewall.
Now we have the Cloud Server setup to receive mail for our domain.
The next article will look at the telnet package to conduct some final tests on the setup to ensure postfix is sending the correct identification details. We'll also take a look at checking the email from the command line.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
See license specifics and DISCLAIMER